This is one of three main challenges facing financial services and other organisations, said
Mark Clancy, managing director and corporate information security officer at the DTCC.

The other challenges are the fact that there are many types of cyber attacker and that attackers
can typically act more quickly than defenders, he told Computer Weekly.

The main threat actors, said Clancy, are criminals who want to steal money, hacktivists who want to make
a political point, espionage actors who want to steal secrets for their nation or cause, and
war-like actors who want to disable the function of infrastructures, for example.

“Organisations have to recognise that they face all four of those, although to differing
degrees, and that they have to have a capability to address all the different actors and
motivations,” he said.

The timescale problem refers to the fact that attacks are measured in seconds, minutes and
hours, while it can take days, months or years for defenders to realise an attack has taken place,
said Clancy.

“We have to change our approach so we can work in the same timescales as the attackers,” he
added.

Part of the challenge is to identify when data has been stolen, which is difficult, he said.

“If robbers break into your house and steal your china and silver, you know about it instantly
because it is gone, but when someone steals a digital asset, everything you had still appears
present.

“We have to work in our capabilities to identify ways to shorten the time between the initial
intrusion and awareness that the intrusion has taken place.”

Allied to both dealing with a multitude of different attackers and the increasing speed of
attacks is gathering and sharing information about attacks that are taking place, said Clancy.

“If you can learn about attacks that were attempted elsewhere before they show up on your
doorstep, you can be much better prepared to defend against those attacks and reduce the likelihood
of their success.”

The financial services industry is working to share this information in order to devalue the
infrastructure that attackers are using, increasing the costs of attack while decreasing the costs
of defence, he said.

The financial services sector is often recognised as being one of the most advanced in sharing
cyber threat intelligence, said Clancy, but there is still room for improvement.

“The main reason we tend to do it better than other industry sectors is that we started more
than a decade ago and we decided that this is not an issue where we are competitive with each
other,” he said.

The value in sharing threat intelligence stems from the fact that attackers typically target
several financial institutions using the same techniques.

“We saw the direct benefit of sharing this information because we realised that if we were not a
target today, we could be a target tomorrow,” said Clancy. “And the reason it works is that we
built community around this issue.”

Because trust does not scale, there is a need to build peer-to-peer trust relationships, in
which individuals can be sure that if they share information, it will be handled appropriately, he
said.

“When you build that confidence, you can grow that community, and as the community gets larger,
you have an increasing number of nodes of connectivity and more data flows.”

The next step in the evolution of sharing threat information in the financial services industry,
said Clancy, is to share things that show up on networks in an automated way to increase the volume
of data shared.

“We want to share cyber threat data as quickly as we process financial transactions,” he said.
“This is where we and other industries need to go.”

At the same time, financial institutions should continually review their ability to share and
consume cyber threat intelligence data, said Clancy.

“In our institution, for example, we had to completely re-tool our operations to take advantage
of this information.

“Organisations have to assess their capabilities and figure out how they are going to operate
them at scale, then they have to mature their operations to the point that they are able to
identify new things happening in their environment and share those back to the community to make
the community stronger.”
